Posture
critical: 3
high: 9
medium: 3
low: 7
Ownership
Findings (24)
medium | Insecure deserialization in message queue consumer | Snyk (SCA) | open | 4.8
low | Terraform module pins old AMI with CVEs | Checkov (IaC) | triaged | 4.7
high | Race condition in payment idempotency | SonarQube (SAST) | accepted | 8.7
high | Race condition in payment idempotency | Contrast RASP (RASP) | open | 9.7
medium | JWT signed with weak HS256 secret | Gitleaks (Secrets) | open | 5.9
low | Container running as root | Grype (Container) | triaged | 4.7
low | Outdated lodash with prototype pollution | CodeQL (SAST) | triaged | 8.9
high | Container running as root | Checkov (IaC) | triaged | 8.1
info | Container running as root | Scout Suite (CSPM) | open | 4.6
high | Log4Shell vulnerable dependency | CodeQL (SAST) | open | 6.2
high | IAM role with wildcard permissions | Burp Pro PenTest (PenTest) | open | 5.9
medium | Cross-site Scripting in profile renderer | Cloudflare WAF (WAF) | open | 5.4
low | Outdated lodash with prototype pollution | Gitleaks (Secrets) | open | 4.8
critical | Log4Shell vulnerable dependency | Contrast RASP (RASP) | triaged | 4.1
low | Missing rate limiting on /login | Wiz (CSPM) | false positive | 9.2